Making Omnichannel and Payments Security Easy (And Stylish)

When people think e-commerce, they think Amazon, or eBay or maybe Netflix — some provider of a digital marketplace for the purchase of goods or digital services. Hair salons — well, services don’t get more real world, brick-and-mortar-based commerce than that, right? MPD CEO Karen Webster recently caught up with Aurus’ Chief Strategy Officer Bob Wesley and Shortcuts’ Vice President of Operations Tony Phoenix to discuss their prescription to delivering a successful omnichannel strategy to the salon and spa industry.

 

When people think e-commerce, they think Amazon, or eBay or maybe Netflix—some provider of a digital marketplace for the purchase of goods or a digital service provider.  Hair salons — well, services don’t get more real world, brick-and-mortar based commerce than that, right?

Wrong, as it turns out, according to Aurus’ Chief Strategy Officer Bob Wesley and Shortcuts’ Vice President of Operations Tony Phoenix.  Aurus, with their expertise in payments security, and Shortcuts — a company that provides business management solutions for salons and spas — are working together to bring a secure, seamless and omnichannel experience to salons nationwide.

Customers may have to show in-person to get their haircut, but in the ideal world that Aurus and Shortcuts are working to build, they can book them and pay for them with the tap of the button. Even better, they are also working to make sure that payment, whether it be from a phone, regular POS system or desktop, is always safe, secure and totally encrypted.

MPD CEO Karen Webster recently caught up with Bob and Tony to discuss their prescription for delivering a successful omnichannel strategy in the salon and spa industry.

 

KW: Omnichannel is one of the biggest buzzwords that is making its way around retail and payments. What are you doing to keep up with merchants’ omnichannel opportunities, and how are you addressing them?

TP: A lot of the challenges we’re facing, and a lot of what the merchants are looking to solve, is how to address the customer, wherever they are located.  You have to deal with your customer when they’re in the physical store, but also when they are online and interacting in the world.  Online has really transitioned in the last few years from being at home at a computer to the mobile devices – you now can connect from anywhere, anytime, any way.  You really have to be able to engage that customer in the way they want to engage.

For Shortcuts, the salon and spa world tends to be very traditional in that we don’t generally have a huge e-commerce presence.  But that is starting to shift from a product sales standpoint, as well as in customer interactions – booking, advanced payments for services.  Salons can take deposits and payments up front before that customer ever arrives. The ability to seamlessly integrate those customers into that experience in the salon environment becomes crucial.

Payment is a huge part of that because of how consumers swipe a card in store versus how they enter that information online, and keeping that compliance becomes important. With Shortcuts, we are starting to evolve.  We’re always going to have our traditional installed software in the store, but we are also offering more of a cloud service at the same time, and we’re seeing more and more of our clients move in that direction. We’ve partnered with Aurus and the AurusPay® system because it really allows us to offer that seamless transaction experience to customers.  They can interact from anywhere they want, and Aurus helps to manage and provide that frictionless experience, if you will, for the consumer. It also provides the merchants the information they need to move forward.

 

KW: What’s interesting about the salon experience is that, in many ways, it is the quintessential blurring of on-and-offline because you can, on a mobile device, decide to book a salon or spa appointment kind of on the go, and yet you’re consuming the service in a physical environment.

TP: Exactly, and when people look at e-commerce, they look at an Amazon or digital delivery with Netflix.  You really can’t digitally deliver a haircut, a color or a massage. The question then becomes: how do you marry that remote presence with that physical experience? It makes life interesting for our users, especially because spa and salon customers are not necessarily focused on technology.  They’re creative and they’re interested in what they’re delivering, so it has to be a simple solution for them – that becomes necessary.

 

KW: Do you think having the ability to deliver an omnichannel experience like you’ve described creates a sticky consumer experience?  I imagine it would because thinking of myself, as a customer, if it is easy to transact then that particular place will become my go-to.

TP: Absolutely. We introduced online booking a few years back for our customers and we discovered that 70 percent of bookings are made after salon hours.  If you make it easy for the customer to transact, they’ll come back.  People don’t want to have to pick up the phone or sit on hold to try to make an appointment when they can do it in half the time, digitally – even in the middle of the night, if they prefer.

 

KW: Bob, what are some of the idiosyncrasies in supporting the kind of experience Tony and I have just been talking about?

BW: For one, you want to be able to identify the client regardless of whether or not they are making on an online purchase or a purchase in-store.  Sometimes they might make a purchase online and then you have to provide a refund in the store. You want to do that in a way that doesn’t reveal any sensitive card data.  The way we do that is with a service called tokenization, which allows you to seamlessly provide that experience depending on where customers pay.  Consumers want to research, order and pay any way that they want to.

The other thing that we see is that more and more hair salon retailers want to accept payment in different places in their store, they don’t always want the customer to always stand up and make a payment at a register when they are done receiving their services.  So the introduction of mobile POS devices with the ability to accept payments anywhere in the store is becoming a bigger trend.  We don’t just want them to swipe data in the clear on a tablet; we want to be able to protect that data no matter where it’s swiped or where it’s presented.  We work with companies like Shortcuts to take the complexity of payments away from that whole process.

 

KW: So let’s talk about another topic of conversation that I’m sure has a lot of bearing on what you’re doing Tony, and how you’re responding, Bob.  There were another two breaches over the weekend; it seems there is a breach a week.  How do you take that aspect of risk and vulnerability and address that in the solution you provide to these salons and spas?

TP: The risk is definitely a key factor for us and is something we are very aware of and concerned about. Every time we one of these is in the news, we start getting calls from our customers asking, “Am I secure, am I protected? I’m concerned that I’m going to be hacked.” That is actually why we’ve partnered with Aurus. Because of the way the solution is implemented, all of the credit card data is encrypted right there on the device, immediately.  The information is never exposed, never sent in the clear in any way.  The risk of that data ever getting out is so small – we’re not worried about it.  It’s not something where we have to be particularly concerned on the day-to-day that there’s going to be an exposure or a theft from that point.

The advantage to Aurus and the way we’ve implemented this is that it keeps the software out of scope.  We do not have to worry that every time something happens, we have to release a new version of the software and do all the new re-testing as well, which delays our response to the market.  We can release the software, and we can focus on what we do best, which is providing the experience for the salon owners and stylists as well as the consumer, and not worrying about the payment technologies piece of it.

 

KW: So Bob, give us a little more context around delivering what Tony just described?

BW: Sure – it’s almost like the separation of church and state. We basically have segmented the payments process completely from the payment register or the POS register where all the software basically resides, and we’ve taken it over in the payment terminal, which can be customer facing or some payment based device on a tablet. We control the complete software, we’ve isolated that software and we don’t allow any software to creep into that terminal. We put a lot of intelligence into that terminal to check a lot of things like, is this the correct register; this is how you are going to give me the data format; we control that whole process upstream.

A lot of these breaches occur when people swipe the card, and there is sometimes a temporary period of time where the data is not encrypted its put into a temporary storage.  This is a way a lot of these traditional registers were made.  When this happens, “back-off” malware or any other kind of malware can snip or scrape that transaction and export it to China, Russia or other parts of the world to use in a fraudulent manner. We’re able to keep that separation immediately with encryption-hardware or software, tokenization, Point-to-Point Encryption (P2PE) and then take care of any other compliance issues like EMV.

 

KW: Let’s talk about EMV. I’m particularly interested in getting the perspective of these small merchants around EMV. What are they talking about? Do they believe it is something that they need to do?  Are they prepared to do it? How are you helping them manage this shift? 

TP: It’s been a real challenge over the last two years. So when the EMV standards were being discussed a year and half ago, what we tried to communicate with our customers is that it’s coming and we need to make sure they’re prepared for it. And the general response we got was yawns, or “It’s two years away,” or “What’s that? Oh, that’s never going to happen.” They’d do a little bit of research and see how many times it’s been pushed back, back and back, and we weren’t getting a lot of traction with it.

We were convinced that it was coming and we wanted to be sure the Shortcuts side was prepared for it, but getting our consumer and our merchants to understand the importance of it was an interesting challenge for us.

Two things happened that changed the conversation.  Our largest customer, Sport Clips, saw the writing on the wall too, and told us they needed to make sure they were absolutely compliant and to make sure it happens. So when you’re talking a chain of 1500 sites putting out the communication, it makes it easier for us to point to others and tell them they need to take it seriously, too.

Once the Target breach it, it was not just Shortcuts saying that everyone has to do this, it was the media reporting that this is an actual requirement – that got the ball rolling.

There are a lot of struggles within the environment – this is new hardware and merchants have to acquire that. It’s going to cost them. But it’s also about understanding that the risk factors go down significantly, and the way we’ve been trying to talk to our customers about it is that its part of an insurance package. The nice thing with the hardware is that consumers pay for it once and they’re done.  But the awareness is really starting to pick up, and more and more people are really starting to become aware of it.

At the same time, there are always going to be those who aren’t as plugged in and attentive. I think October 2015 is going to get very interesting for a lot of people when they realize they should have been paying attention a lot earlier.

 

KW: Clearly the Target Breach was the turning point.  I even call it the “Black Swan” of payments because I do think it was one of the pivotal turning points in payments for getting the EMV movement in payments going.  Are they also looking at things like Apple Pay and trying to understand the relationship between going mobile, which is how their customers are increasingly booking their reservations and doing things to support EMV?  Are they confused about how to decide one versus the other and prioritize them?

TP: There is definitely some confusion about it.  With Apple Pay, we had a bet in our office as to how long it would take after the announcement to get our first call from a customer asking how to support it.

 

KW: So how long did it take?

TP: Twenty minutes from when it was announced on stage to someone calling us asking when we were going to have it.  The beauty of it is, we’re going to have it very shortly and that’s one of the advantages of Aurus Pay and their technology. They were already working on it, and we’ll have it very shortly here.

What we’re telling clients is, if they’re being smart about this when we upgrade them to EMV, they should get on a terminal that supports Apple Pay, Google Wallet, and other NFC-type technologies at the same time. We can do it basically at the same cost as long as they are smart about it, picking the right terminal with the right approach.

AurusPay becomes particularly useful to us because they deal with that piece of it.  All we need is a terminal that supports it. They take care of the certification process with the different processors like First Data and Vantiv – those guys who need the data.  We don’t have to worry about it from the software standpoint, and it allows us to offer that value to our costumer very quickly.

 

BW: I think EMV protects a lot of card issuers in the market. I don’t think they are going to help Tony sell more POS systems by offering it. It sort of becomes a necessary compliance challenge, and that’s the complexity of payments. The payments space is constantly coming up with different compliance challenge such as requiring another piece of data or , a more detailed receipt,  or whether or not you have to have  use a PIN. Right now in preparing for EMV, we’re working with Chip and Signature, but we are preparing for Chip and PIN integrations that we see in other parts of the world.  Tony and his development team don’t have to worry about that – we’re taking care of those types of changes. The merchants who have Tony’s service get it automatically when it is required because we’re always focusing on payments.

 

KW: Are those who are running these companies responding to what consumers are asking, or are they just trying to get a little bit ahead of an opportunity or trend they should be taking advantage of?

TP: It’s a little bit of both, actually. Consumers are driving a lot of the behavior – they are coming in and making it clear that they want to be able to do this. Retailers are always going to be interested in that reaction.

At the same time, they look to Shortcuts. One of our advantages in the market is that we tend to lead in features and functionality. Consumers are looking for that – what’s going to make their lives easier.

With in-chair payments, which are coming, the merchant is engaging that customer in an environment where they’re more comfortable, and where they’re less likely to be concerned.  When they walk up to a register, the merchant knows that a hard sale is coming and that customers react to that differently.   But if they’re still sitting in the chair after a nice massage or haircut and color, the resistance to purchasing is less, and it doesn’t feel like a hard sale. It seems to grow from the natural flow.

Tying the experience together is going to be important.

 

KW: Bob, you sort of have the last word here. Wrap us up with respect to this particular facet of retail, the requirements, and the opportunities as we’ve discussed them.

BW:The most important interaction with the customer is the last thing they do at the store. In most cases, the last thing the customer does is pay.  So you really want payment to be a frictionless experience. Fifty one percent of people indicate that they would be very likely to use a mobile app to speed up the checkout process. So anything that can add greater convenience speaks to customers.  A lot of people have mentioned that when they go to an Apple store, they don’t have to stand in a register line.  They can immediately complete that transaction. We’re seeing that the more people carry mobile devices, the more they are going to want to use that device to complete their purchase transaction.

Apple is going to shake things up in terms of driving consumers and retailers to use mobile devices in the checkout process.  They are going to make the whole experience more convenient and more engaging.


 

 

 

Bob Wesley
Chief Strategy Officer at Aurus Inc

Bob has over 25 years of experience in developing and implementing payments and mobile solutions around the world. As Chief Strategic Officer at Aurus, he works directly with Fortune 2000 companies to solve complex payment technology challenges and introduce innovative solutions, which drive sales and increase profits. Bob partnered with Jon to develop the innovative Alltown Mobile Wallet.

Prior to joining with Aurus, Bob was the CSO at Leaf POS working CLOSELY with the founders to launch the tablet POS and sell the company to Heartland Payments. Prior to Leaf, Bob was CEO and founder of Modiv Media (MobileLime) a new mobile marketing commerce and in-store digital marketing firm providing mobile coupons, which was later sold to Catalina Marketing. He has held various senior management positions at American Express, MasterCard and Cendant. He has served as the CSO, CMO, CFO and Head of Sales and Business Development for several technology startups. Bob was also a CPA with PriceWaterhouseCoopers in New York.

Bob has authored articles on smart cards and is a speaker at financial industry events. He was a former member of the board of directors for the Smart Card Forum. He has received awards from the New Zealand Government and Queen Elizabeth for developing the country’s tourism strategy and has been recognized by the Mobile Star Awards in 2005 as one of the “Leaders in Mobile Solution Companies.”

 

 

 

Tony Phoenix
Vice President of Operations at Shortcuts

Tony Phoenix is a software engineering professional with more than 20 years’ experience working in software and internet companies including Thomson Reuters, Internet Brands, Penske Corp and Stamps.com.

In 2007, Tony built a client services organization providing customer service, digital marketing and software development to Penske to support the launch of Smart Fortwo car in the US market. A licensed pilot, Tony and his wife have owned a retail business for the past 13 years. Today, Tony uses his business acumen and experience to support clients in North America.  His attention to customer service and ongoing support of clients is Tony’s expertise on the Shortcuts Software executive management team.

 

 

Listen to the full podcast here